Network Endpoint

The Network Endpoint object describes characteristics of a network endpoint. These can be a source or destination of a network connection.

Extends: endpoint

Attributes

container

Type: container
Requirement: recommended

The information describing an instance of a container. A container is a prepackaged, portable system image that runs isolated on an existing system using a container runtime like containerd.

hostname

Type: hostname_t
Requirement: recommended

The fully qualified name of the endpoint.

instance_uid

Type: string_t
Requirement: recommended

The unique identifier of a VM instance.

interface_name

Type: string_t
Requirement: recommended

The name of the network interface (e.g. eth2).

interface_uid

Type: string_t
Requirement: recommended

The unique identifier of the network interface.

ip

Type: ip_t
Requirement: recommended

The IP address of the endpoint, in either IPv4 or IPv6 format.

name

Type: string_t
Requirement: recommended

The short name of the endpoint.

namespace_pid

Type: integer_t
Requirement: recommended

If running under a process namespace (such as in a container), the process identifier within that process namespace.

owner

Type: user
Requirement: recommended

The identity of the service or user account that owns the endpoint or was last logged into it.

port

Type: port_t
Requirement: recommended

The port used for communication within the network connection.

svc_name

Type: string_t
Requirement: recommended

The service name in service-to-service connections. For example, AWS VPC logs the pkt-src-aws-service and pkt-dst-aws-service fields identify the connection is coming from or going to an AWS service.

type_id

Type: integer_t
Requirement: recommended
Values:
- 0 - Unknown: The type is unknown.
- 1 - Server: A server.
- 2 - Desktop: A desktop computer.
- 3 - Laptop: A laptop computer.
- 4 - Tablet: A tablet computer.
- 5 - Mobile: A mobile phone.
- 6 - Virtual: A virtual machine.
- 7 - IOT: A IOT (Internet of Things) device.
- 8 - Browser: A web browser.
- 9 - Firewall: A networking firewall.
- 10 - Switch: A networking switch.
- 11 - Hub: A networking hub.
- 99 - Other: The type is not mapped. See the type attribute, which contains a data source specific value.

The network endpoint type ID.

uid

Type: string_t
Requirement: recommended

The unique identifier of the endpoint.

agent_list

Type: agent
Requirement: optional

A list of agent objects associated with a device, endpoint, or resource.

autonomous_system

Type: autonomous_system
Requirement: optional

The Autonomous System details associated with an IP address.

domain

Type: string_t
Requirement: optional

The name of the domain.

hw_info

Type: device_hw_info
Requirement: optional

The endpoint hardware information.

intermediate_ips

Type: ip_t
Requirement: optional

The intermediate IP Addresses. For example, the IP addresses in the HTTP X-Forwarded-For header.

location

Type: location
Requirement: optional

The geographical location of the endpoint.

mac

Type: mac_t
Requirement: optional

The Media Access Control (MAC) address of the endpoint.

os

Type: os
Requirement: optional

The endpoint operating system.

proxy_endpoint

Type: network_proxy
Requirement: optional

The network proxy information pertaining to a specific endpoint. This can be used to describe information pertaining to network address translation (NAT).

subnet_uid

Type: string_t
Requirement: optional

The unique identifier of a virtual subnet.

type

Type: string_t
Requirement: optional

The network endpoint type. For example: unknown, server, desktop, laptop, tablet, mobile, virtual, browser, or other.

vlan_uid

Type: string_t
Requirement: optional

The Virtual LAN identifier.

vpc_uid

Type: string_t
Requirement: optional

The unique identifier of the Virtual Private Cloud (VPC).

zone

Type: string_t
Requirement: optional

The network zone or LAN segment.

Constraints

At least one of: ip, uid, name, hostname, svc_name, instance_uid, interface_uid, interface_name

Network Endpoint

Attributes

Constraints

Used By